From: bugzilla-daemon@kernel.org
To: linux-scsi@vger.kernel.org
Subject: [Bug 220707] New: ESAS2R: missing a NULL check in esas2r_init_adapter
Date: Mon, 27 Oct 2025 15:48:37 +0000
Message-ID: <bug-220707-11613@https.bugzilla.kernel.org/>
https://bugzilla.kernel.org/show_bug.cgi?id=220707
Bug ID: 220707
Summary: ESAS2R: missing a NULL check in esas2r_init_adapter
Product: SCSI Drivers
Version: 2.5
Hardware: All
OS: Linux
Status: NEW
Severity: low
Priority: P3
Component: Other
Assignee: scsi_drivers-other@kernel-bugs.osdl.org
Reporter: qiushi.wu@ibm.com
Regression: No
In esas2r/esas2r_init.c, function esas2r_init_adapter() allocates a workqueue
using alloc_ordered_workqueue() but does not verify whether the allocation
succeeds. If the call fails and returns NULL, the returned pointer
a->fw_event_q remains unchecked, which could later lead to a NULL-pointer
dereference when the queue is used. This issue was found via static code
analysis. No specific runtime reproducer is available, but the missing check is
evident in the source logic.
Code:
```
a->fw_event_q = alloc_ordered_workqueue("esas2r/%d", WQ_MEM_RECLAIM,
                                        a->index);
```
Also, at this allocation point, a->index is initialized to 0 (due to the
earlier memset(a, 0, ...)) and has not yet been assigned the adapter index. It
might be worth confirming whether a->index was intentionally used here for
naming or if the local index variable should be used instead.
--
You may reply to this email to add a comment.
You are receiving this mail because:
You are watching the assignee of the bug.
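A user-space model of the pattern described in the report, added here as an illustration; it is not code from the esas2r driver or from the reporter. It puts the unchecked allocation beside a checked variant and injects an allocation failure. Assumptions: `mock_alloc_wq()`, `struct workqueue`, `struct adapter`, `fail_next_alloc` and the `int`/`-ENOMEM` return convention are hypothetical stand-ins, and naming the queue from the local `index` is only the option the report asks the maintainers to confirm.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for the kernel objects; not the driver's types. */
struct workqueue { char name[32]; };
struct adapter { int index; struct workqueue *fw_event_q; };

static int fail_next_alloc;	/* fault injection: make the next allocation fail */

/* Models alloc_ordered_workqueue("esas2r/%d", WQ_MEM_RECLAIM, id): NULL on failure. */
static struct workqueue *mock_alloc_wq(int id)
{
	struct workqueue *wq;

	if (fail_next_alloc) {
		fail_next_alloc = 0;
		return NULL;
	}
	wq = calloc(1, sizeof(*wq));
	if (wq)
		snprintf(wq->name, sizeof(wq->name), "esas2r/%d", id);
	return wq;
}

/* Pattern from the report: result never checked, a->index still 0 after memset. */
static int init_adapter_unchecked(struct adapter *a, int index)
{
	memset(a, 0, sizeof(*a));
	a->fw_event_q = mock_alloc_wq(a->index);
	a->index = index;
	return 0;	/* reports success even when fw_event_q is NULL */
}

/* Checked variant: fail initialization instead of leaving a NULL queue behind. */
static int init_adapter_checked(struct adapter *a, int index)
{
	memset(a, 0, sizeof(*a));
	a->index = index;
	a->fw_event_q = mock_alloc_wq(index);	/* assumption: local index intended */
	return a->fw_event_q ? 0 : -ENOMEM;
}

int main(void)
{
	struct adapter a;
	int rc;

	fail_next_alloc = 1;
	rc = init_adapter_unchecked(&a, 3);
	printf("unchecked: rc=%d queue=%s\n", rc, a.fw_event_q ? a.fw_event_q->name : "NULL");
	fail_next_alloc = 1;
	rc = init_adapter_checked(&a, 3);
	printf("checked:   rc=%d queue=%s\n", rc, a.fw_event_q ? a.fw_event_q->name : "NULL");
	return 0;
}
```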